Making an express server and authentication

Express Server Structure

So I’ve successfully created my first express server with the help of this YouTube video and ChatGPT. It’s all working well at the moment. I’ve decided to use MongoDB Atlas as my database and I’m excited to see where it takes me.

This is the file structure for the express server:

📂 project-root-directory/
├── 📂 src/                 # Source files
│   ├── 📂 config/          # Configuration files (e.g., database connection, middleware)
│   ├── 📂 controllers/     # Route controllers (controller logic for your routes)
│   ├── 📂 middleware/      # Express middlewares (e.g., logging, error handling)
│   ├── 📂 models/          # Mongoose database models and schemas
│   ├── 📂 services/        # Mongoose CRUD operations and business logic
│   ├── 📂 routes/          # Express route definitions
│   ├── 📂 utils/           # Utility/helper functions
│   └── index.ts            # Main application entry
├── 📂 dist/                # Compiled JavaScript files (output from TypeScript compiler)
├── 📂 tests/               # Test files (e.g., unit, integration tests)
├── 📂 node_modules/        # Node.js dependencies
├── .env                    # Environment variables
├── .gitignore              # Specifies intentionally untracked files to ignore
├── package.json            # Project metadata and dependencies
├── nodemon.json            # Nodemon config
├── package-lock.json       # Describes exact tree generated (if using npm)
├── tsconfig.json           # TypeScript configuration file
└──                         # Documentation for the project

Several years ago I did some .NET (C#) development for the first company that I worked for as a graduate software developer. This express.js server structure looks very similar to the .NET servers that I worked with. At the time the codebase was so big I couldn’t really see the full picture of how everything worked. However, now, after putting everything together from scratch, it all makes sense.

Authentication

Wow, Clerk made this so damn easy. I didn’t realise how much went into authentication and authorisation. However, this time round I don’t want to depend on Clerk. It’s great. However, for B2C apps it’s just not worth it. It’s too expensive for large scale apps with a freemium model or low price point.

I’ve finally got it all working (I think) using my own sessionTokens.

Essentially, when a user signs in they get a sessionToken sent back as a cookie. This sessionToken is stored on the browser, and any time the user makes a request to the server the sessionToken is sent to the server as a cookie. The server then looks up the DB and makes sure that the sessionToken corresponds to a user, and checks if this user is authenticated / authorised to access certain pages.

I have also created a middleware.ts file that ensures that the user can only access public routes if unauthenticated. Otherwise they get redirected to the SignIn page.